Solved

Splunk - receiving data from univ. forwarder

Posted on 2015-01-11
7
149 Views
Last Modified: 2015-01-25
Hey experts! I am evaluating Splunk for a client. I have deployed the server piece and installed the universal forwarder onto a few Windows servers. I noticed the logs from these servers appeared to not be showing in search results.

I checked the splunkd file and the last line shows a successful connection to the Splunk server. During the install wizard of the univ forwarder, I just accepted the defaults.

Is there a configuration piece I am missing?
0
Comment
Question by:Schuyler Dorsey
  • 5
  • 2
7 Comments
 
LVL 10

Author Comment

by:Schuyler Dorsey
ID: 40543678
FYI the Univ. Forwarder sends the App, System and Security logs by default.
0
 
LVL 10

Author Comment

by:Schuyler Dorsey
ID: 40543687
I have an index created for wineventlog and msad. Just accepted defaults for these.
0
 
LVL 10

Author Comment

by:Schuyler Dorsey
ID: 40543708
I think I got it. After rebooting the indexer, some logs are appearing in search results. Will monitor to confirm resolution.
0
Comprehensive Backup Solutions for Microsoft

Acronis protects the complete Microsoft technology stack: Windows Server, Windows PC, laptop and Surface data; Microsoft business applications; Microsoft Hyper-V; Azure VMs; Microsoft Windows Server 2016; Microsoft Exchange 2016 and SQL Server 2016.

 
LVL 62

Expert Comment

by:btan
ID: 40545874
if you check the output.conf comments, it stated "# You must restart Splunk to enable configurations."

http://docs.splunk.com/Documentation/Splunk/6.2.1/Admin/Outputsconf

also it stated restart forwarder for some configuration changes.

http://docs.splunk.com/Documentation/Splunk/6.2.1/Forwarding/Deploymentoverview#General_configuration_issues
0
 
LVL 10

Accepted Solution

by:
Schuyler Dorsey earned 0 total points
ID: 40559577
I fixed this by adjusting my inputs.conf. My stanzas had an error in them.
0
 
LVL 62

Expert Comment

by:btan
ID: 40559710
thanks for sharing hope my post has help though
0
 
LVL 10

Author Closing Comment

by:Schuyler Dorsey
ID: 40569007
Correct answer.
0

Featured Post

Three Reasons Why Backup is Strategic

Backup is strategic to your business because your data is strategic to your business. Without backup, your business will fail. This white paper explains why it is vital for you to design and immediately execute a backup strategy to protect 100 percent of your data.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

As technology users and professionals, we’re always learning. Our universal interest in advancing our knowledge of the trade is unmatched by most industries. It’s a curiosity that makes sense, given the climate of change. Within that, there lies a…
One of the biggest threats in the cyber realm pertains to advanced persistent threats (APTs). This paper is a compare and contrast of Russian and Chinese APT's.
Sending a Secure fax is easy with eFax Corporate (http://www.enterprise.efax.com). First, just open a new email message. In the To field, type your recipient's fax number @efaxsend.com. You can even send a secure international fax — just include t…
Sending a Secure fax is easy with eFax Corporate (http://www.enterprise.efax.com). First, Just open a new email message.  In the To field, type your recipient's fax number @efaxsend.com. You can even send a secure international fax — just include t…

776 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question